iOS 5 beta hobbles OS downgrades, untethered jailbreaks

Untethered jailbreaks and OS downgrades are being hobbled by the latest iOS 5 …

Those who screw up their iPhones with an unsupported jailbreak—or who have bad luck with their iOS upgrades and want to roll back to an older version—are usually able to make everything right again by downgrading their phone's OS back to the previous version. That practice appears to be on the endangered list, however, thanks to changes within iOS 5. A post at the Dev-Team Blog indicates that Apple is taking steps to inhibit downgrades to previous versions of iOS, in addition to untethered jailbreaks.

Those who regularly jailbreak their iOS devices are usually familiar with the concept of saving your "blobs." Users can save their SHSH blobs using a tool such as Cydia or TinyUmbrella before upgrading to a new version of the OS so that they can eventually restore that specific device to that firmware via iTunes.

Thanks to some changes that Apple is making to "APTicket" within iOS 5, however, this may no longer be possible. "The LLB and iBoot stages of the boot sequence are being refined to depend on the authenticity of the APTicket, which is uniquely generated at each and every restore (in other words, it doesn’t depend merely on your ECID and firmware version… it changes every time you restore, based partly on a random number)," wrote the team behind many iOS jailbreaks and hacks. "This APTicket authentication will happen at every boot, not just at restore time. Because only Apple has the crypto keys to properly sign the per-restore APTicket, replayed APTickets are useless."
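Why binding the ticket to a per-restore random number makes replayed tickets useless, as an added simulation that is not Apple's code or ticket format and not the Dev-Team's: a freshly generated Ed25519 key stands in for Apple's signing key, and the ECID, build string and 20-byte nonce are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// Device keeps the random nonce it drew at its most recent restore.
type Device struct {
	ECID  uint64
	Nonce []byte
}

// Restore draws a fresh nonce, as the per-restore APTicket design requires.
func (d *Device) Restore() {
	d.Nonce = make([]byte, 20)
	rand.Read(d.Nonce) // crypto/rand; error check omitted for brevity
}

// ticketDigest is what the vendor signature covers. An SHSH-style blob binds
// only (ECID, build); an APTicket-style ticket also binds the restore nonce.
func ticketDigest(ecid uint64, build string, nonce []byte) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, ecid)
	h.Write([]byte(build))
	h.Write(nonce) // nil in the nonce-free scheme
	return h.Sum(nil)
}

// BootCheck is the LLB/iBoot-style check run at every boot: the ticket must
// verify under the vendor key for this ECID, build and (if used) current nonce.
func BootCheck(pub ed25519.PublicKey, d Device, build string, ticket []byte, useNonce bool) bool {
	var nonce []byte
	if useNonce {
		nonce = d.Nonce
	}
	return ed25519.Verify(pub, ticketDigest(d.ECID, build, nonce), ticket)
}

// ReplayScenario saves both kinds of ticket at a first restore, restores again
// and reports which pass: SHSH-style replay, nonce-bound replay, fresh ticket.
func ReplayScenario() (shshReplays, apTicketReplays, freshTicketOK bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for Apple's key
	const build = "fw-build-A"       // constructed build identifier
	dev := Device{ECID: 0x1122334455} // constructed sample ECID
	dev.Restore()
	// The "blobs" a user would save with a tool before upgrading.
	shsh := ed25519.Sign(priv, ticketDigest(dev.ECID, build, nil))
	apt := ed25519.Sign(priv, ticketDigest(dev.ECID, build, dev.Nonce))
	dev.Restore() // later restore: same device and build, new nonce
	shshReplays = BootCheck(pub, dev, build, shsh, false)
	apTicketReplays = BootCheck(pub, dev, build, apt, true)
	// A ticket signed for the new nonce (what only the key holder can do) passes.
	freshTicketOK = BootCheck(pub, dev, build,
		ed25519.Sign(priv, ticketDigest(dev.ECID, build, dev.Nonce)), true)
	return
}
```

The saved SHSH-style blob still verifies after the second restore, while the saved nonce-bound ticket fails and only a ticket signed for the new nonce passes.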

Those who have already backed up pre-iOS 5 blobs will still be able to restore their phones to them, but only using an older version of iTunes. And jailbreaks will likely remain a part of iPhone culture, but they will probably be limited to tethered jailbreaks—no more wireless jailbreaks for you.

"Although it’s always been just 'a matter of time' before Apple started doing this (they’ve always done this with the BBTicket), it’s still a significant move on Apple’s part (and it also dovetails with certain technical requirements of their upcoming [over the air] 'delta' updates)," wrote the team.

Indeed, a large tradeoff here is the availability of over the air (OTA) updates as part of iOS 5. iPhone users will no longer have to plug their phones into a computer in order to sync or update the OS, and the updates themselves will only contain the things that have changed since the last upgrade—not the entire OS. In this sense, Apple is less likely to be going out of its way to hobble jailbreakers (though that's undoubtedly a nice side effect from Apple's point of view), and instead is merely focusing on what needs to be done in order for the OS to be updated. Since jailbreaks and even self-downgrading have never been supported activities, folks who engage in such practices end up getting the short end of the stick when Apple makes major changes to the OS functionality.

In addition to downgrades and untethered jailbreaks, Apple also appears to be mucking with some iPhone unlocking solutions, as evidenced by the recently released iOS 5 beta 2. A hardware-based unlocking tool, Applenberry’s Gevey SIM unlock, was able to unlock iOS devices without any kind of jailbreak, though it relied on an exploit within the OS to do so. As noted by AppAdvice (hat tip to a tweet by MuscleNerd), Apple closed the hole as part of the latest beta release, with some speculating that Apple was "under pressure" to take care of these unauthorized modifications before the final release of iOS 5.

It's worth pointing out that we're still talking about a beta of an unreleased version of iOS 5—any manner of changes could still take place between now and the final release, which is scheduled for this fall. As noted by the Dev-Team, there are many ways to "combat" Apple's changes, but "a beta period is really not the time or place to discuss them."

I'd just like to thank Apple for introducing so many new people to "hacking" to make their device do things it "wasn't intended" to do.

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

"Those who screw up their iPhones with an unsupported jailbreak—or who have bad luck with their iOS upgrades and want to roll back to an older version—are usually able to make everything right again by downgrading their phone's OS back to the previous version."

It's pretty rare for ArsTechnica to be wrong from the very first sentence, but Apple has never supported rolling back iOS to previous versions.

Apple closed the hole as part of the latest beta release, with some speculating that Apple was "under pressure" to take care of these unauthorized modifications before the final release of iOS 5.

Apple was under pressure to close a massive security vulnerability before they shipped the code? Anything that can get enough access to unlock your phone could be used for some seriously malicious purposes too.

I'd just like to thank Apple for introducing so many new people to "hacking" to make their device do things it "wasn't intended" to do.

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

Yeah. They should buy Android devices that effectively prevent upgrades...

It's pretty rare for ArsTechnica to be wrong from the very first sentence, but Apple has never supported rolling back iOS to previous versions.

I don't see where they suggested it was supported, but until now Apple hasn't actively worked to prevent it.

Am I mistaken?

Where are you seeing that Apple is now actively working to prevent it?

The article states that Apple is actively working to add much-requested features such as over-the-air updates and delta updates to the OS. Surely you're not implying that Apple is required to test every basement hacker's method for jailbreaking to make sure they'll still work, too?

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

I think the phone manufacturers are simply conduits for the hostility toward customers held by the carriers. I have an iPhone, and the only reason I've ever jailbroken my device was so that I could subsequently unlock it. US carriers are terrible about locked phones and exclusivity deals, and phone manufacturers just play along (likely they receive a cut for new subscribers and the like).

Voting with your wallet in the US means leaving your carrier and moving to a new one. This, of course, means that you can no longer use your phone, and will need to buy a new one of those as well.

I'd just like to thank Apple for introducing so many new people to "hacking" to make their device do things it "wasn't intended" to do.

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

Yeah. They should buy Android devices that effectively prevent upgrades...

"Those who screw up their iPhones with an unsupported jailbreak—or who have bad luck with their iOS upgrades and want to roll back to an older version—are usually able to make everything right again by downgrading their phone's OS back to the previous version."

It's pretty rare for ArsTechnica to be wrong from the very first sentence, but Apple has never supported rolling back iOS to previous versions.

I'm not sure what you are reading that I'm not, but from what I see, she simply said they are usually able to, not that it was supported.

A Closed Developer Beta release isn't the digital version of an early Christmas present.

And so I find it increasingly difficult to garner much sympathy, let alone understanding, for people too impatient to wait for the general release of iOS 5. If you aren't an accredited iOS DEVELOPER, installing iOS 5 on test-devices to check coding and performance for your Apps (or to report bugs back to Apple) - then why are you installing iOS 5 now anyway?

It's bad enough when these benighted fools brick their own iDevices. It's even worse when they tell people even more deluded than they are that "all the kewl kidz" are installing the iOS 5 Beta.

Installing a torrented iOS 5 Beta doesn't make you a freedom fighter. And it certainly isn't a testament to your awesome hacking skillz. It's just the digital gods' way of telling you you ain't half as smart as you thought you were.

Yeah. They should buy Android devices that effectively prevent upgrades...

Expand upon this statement, please.

I'm not the original poster to this, but he may be implying that Android phones often get trapped on a given version, and you have to wait a long time for old upgrades, if you get them at all. At least that is the complaint I often read. It's not necessarily Google's fault, but rather vendors and carriers are the bottleneck. It doesn't matter, really, since you're screwed regardless.

That said, Apple is probably the best at providing updates to its devices, in comprehensive terms. Granted, they don't have a lot of devices or carriers to bother with. They could do a better job though, as I had to downgrade my 3g back when iOS 4 came out, and Apple didn't make that easy.

There is so much misinformation in this article. Apple has always actively worked to prevent downgrades; now they've just tightened that existing security. Tethered jailbreaks have nothing to do with wired/wireless; the term refers to a jailbreak that must be reapplied every time the device reboots. Delta updates aren't necessarily only for over-the-air use. And although Apple surely made changes to support the new update system, the enhanced downgrade-prevention security doesn't seem required for that; it was probably done because Apple specifically wanted downgrading to be harder (because if you can't take a new, patched phone and downgrade to an older, vulnerable OS version, you can't run old jailbreaks that exploit those vulnerabilities).

I'd just like to thank Apple for introducing so many new people to "hacking" to make their device do things it "wasn't intended" to do.

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

Yeah. They should buy Android devices that effectively prevent upgrades...

Expand upon this statement, please.

I'm not the original poster to this, but he may be implying that Android phones often get trapped on a given version, and you have to wait a long time for old upgrades, if you get them at all. At least that is the complaint I often read. It's not necessarily Google's fault, but rather vendors and carriers are the bottleneck. It doesn't matter, really, since you're screwed regardless.

That said, Apple is probably the best at providing updates to its devices, in comprehensive terms. Granted, they don't have a lot of devices or carriers to bother with. They could do a better job though, as I had to downgrade my 3g back when iOS 4 came out, and Apple didn't make that easy.

This. Just went to Verizon and Droid Charge and the Droid x2 are both on 2.2. How long has 2.3 been out?

There is so much misinformation in this article. Apple has always actively worked to prevent downgrades; now they've just tightened that existing security. Tethered jailbreaks have nothing to do with wired/wireless; the term refers to a jailbreak that must be reapplied every time the device reboots. Delta updates aren't necessarily only for over-the-air use. And although Apple surely made changes to support the new update system, the enhanced downgrade-prevention security doesn't seem required for that; it was probably done because Apple specifically wanted downgrading to be harder (because if you can't take a new, patched phone and downgrade to an older, vulnerable OS version, you can't run old jailbreaks that exploit those vulnerabilities).

Agreed with everything here, though I would say that they haven't always worked to do so. I distinctly remember being able to downgrade 1.x series of iPhone OS installs with ease (download the ipsw and ctrl/shift-click on "Restore..."). I even think I remember being able to do this with iPhone OS 2.x -- it was 3.0 where they began enforcing these SHSH blobs, as far as I can recall.

What MonkeyPaw and AnitaMan said. For a huge number of Android handsets in the US market, probably the majority of them, you need to root your phone to keep it running the newest version of Android-- and that's not even considering Honeycomb. Just getting from Froyo to Gingerbread is like pulling teeth.

Is it so much to ask for a root/admin account on my iPad2? I bought the thing. It is not involved in a service contract where a wireless carrier could stipulate a non-root account as a condition of network use. It's clearly a powerful device and well built. It's just irritating that every once in a while I want to do something and my searches all come up with "just jailbreak it first". I can't jailbreak it dammit!

If I bought a Dell notebook and Dell made sure that I always ran it under a guest account rather than Admin in order to "close security holes" or "ensure stability and ease of troubleshooting" I would return the thing immediately.

Yeah, yeah, I know...first world problems. It's just my usual love/hate relationship with Apple. They make such nice kit and there is a lot of great software available for it. I just have to do things "their" way and sometimes it drives me nuts to see something that does so much right get certain things so irritatingly wrong.

I'd just like to thank Apple for introducing so many new people to "hacking" to make their device do things it "wasn't intended" to do.

Maybe if this annoys them enough, they'll push for and buy devices that allow them to do what they want instead of supporting a vendor that obviously treats them with hostility. You know, voting with your wallet and whatnot.

Yeah. They should buy Android devices that effectively prevent upgrades...

Buhahahahahaha ok. The Nexus devices get timely updates. Next....

Okay, the Nexus devices do. So you'd suggest to people NOT to buy just any old Android phone, but specific ones? Namely the Nexus line? Else they'd run into upgrade stagnation such as HTC not upgrading certain phones because their pretty Sense UI takes up so much RAM. Guess it sucks to be them huh, and they should have gone with a Nexus phone instead. Buhahahahahaha. Next...

First of all, it is from January, and a lot has changed since then. Point in case: Samsung has updated just about all phones to at least 2.2, and 2.3 for the major Galaxy S phones. In %, that's a huge user-base that can upgrade to the latest version of Android available until ICS. SE has also updated their phones a lot more aggressively since then, with most of their line-up running 2.3.

Second, the whole discussion here relates to jailbroken iPhones, so it really makes sense to consider rooted Android phones. Rooting your Android isn't discouraged by Google, and even the plague of encrypted bootloaders seems to have passed due to consumer demand. With these obstacles out of the way, there are really very few reasonably modern phones that can't be upgraded to Gingerbread. Obviously I'm ignoring carriers holding up updates - that's mostly a US problem and isn't nearly as relevant in the rest of the world, and if you root your phone you can easily get the update despite the carriers even in the US.

I hope Apple keeps screwing their users and push at least the technophiles towards other platforms (not necessarily Android). They make too much money as it is, and I just can't like a tech company that so blatantly emphasizes form over function.

What MonkeyPaw and AnitaMan said. For a huge number of Android handsets in the US market, probably the majority of them, you need to root your phone to keep it running the newest version of Android-- and that's not even considering Honeycomb. Just getting from Froyo to Gingerbread is like pulling teeth.

Pulling teeth? I drop update.zip onto my sdcard and reboot. I have a repository that lets me download nightly builds or stable versions with literally 3 taps of the phone. How is that pulling teeth? Yes, there are phones out there with locked bootloaders that have a few extra steps, but then again there are programs that give you root in the market too.

FYI honeycomb is not on phones, 2.3 is the newest phone variant, and plenty of popular phones have 2.3 roms for them.

Why does everyone assume malicious intent (towards jailbreakers or otherwise) when there is probably a perfectly good reason for this? I read earlier that this is actually the fault of a technical detail relating to the new OTA update system. This seems like a lot saner reason than "APPLE ARE OUT TO GET US. RUN AWAY!".

I think the phone manufacturers are simply conduits for the hostility toward customers held by the carriers. I have an iPhone, and the only reason I've ever jailbroken my device was so that I could subsequently unlock it. US carriers are terrible about locked phones and exclusivity deals, and phone manufacturers just play along (likely they receive a cut for new subscribers and the like).

By and large the manufacturers do not get a cut of subscriber fees. The reason they "play along" is, when you go buy the new hotness phone for $199.00 + 2 year contract, the carrier pays the subsidy for that price. You pay $199 and the carrier picks up the other $200 or whatever it is. Far, far more people will pay the lower price, and the phone manufacturer still gets full retail.

When the iPhone first came out Apple tried to change that. We customers got to pay $599 for the first iPhone AND we got a 2 year contract. In that case, they were charging full retail AND they were getting a slice of subscriber fees. Sales were affected and for the iPhone 3G they went back to the traditional model. Google tried changing it too with the Nexus One. They wanted to sell it at full retail price with no contract lock-in, but once again the market did not respond.

People have voted with their wallets, and that vote is we want awesome phones for cheap prices with great features, but given all of that we are still going to complain about contract lock-in and whatever arbitrary feature limitations the carriers and manufacturers choose to concoct.

A 6-month-old article which has facts out of date? Wow, really, great job, just great. Look, if you wanna talk stock, sure, Android has had some growing problems with keeping up to date, but this is largely getting fixed on new phones and Google has actively set up programs with its partners to fix this since it's been one of the biggest complaints.

We're talking about rooted phones here, and Apple ain't got shit on Android. I was running 2.2 4 months before the official upgrade, and I've been running 2.3.4 since about a week after it was released. I can open my phone right now and be on a different ROM in the time it takes to post this. I get nightly builds pushed to my phone, or I can sit on the stable one if I don't want a nightly messing up my Bluetooth.